CVE-2006-2194
First published: Wed Jul 05 2006(Updated: )
The winbind plugin in pppd for ppp 2.4.4 and earlier does not check the return code from the setuid function call, which might allow local users to gain privileges by causing setuid to fail, such as exceeding PAM limits for the maximum number of user processes, which prevents the winbind NTLM authentication helper from dropping privileges.
Credit: security@debian.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Point-to-point Protocol Project Point-to-point Protocol | <=2.4.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.ubuntu.com/usn/usn-310-1
- http://www.securityfocus.com/bid/18849
- http://www.debian.org/security/2006/dsa-1106
- http://www.osvdb.org/26994
- http://secunia.com/advisories/20963
- http://secunia.com/advisories/20967
- http://secunia.com/advisories/20996
- http://secunia.com/advisories/20987
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:119
- collector/nvd-historical
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/tags
- agent/description
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/remedy
- vendor/point-to-point protocol project
- canonical/point-to-point protocol project point-to-point protocol
- version/point-to-point protocol project point-to-point protocol/2.4.4